mega update

baldarn · Jan 14, 2025 · dd673df · dd673df
1 parent b44a3bb
commit dd673df
Show file tree

Hide file tree

Showing 93 changed files with 1,742 additions and 1,329 deletions.
diff --git a/.env.example b/.env.example
@@ -1,9 +1,3 @@
-# conf for docker compose
-
-PG_PORT=8001
-REDIS_URL=redis://localhost
-REDIS_PORT=8002
-
 # kamal version hack for github deployment
 
 APP_VERSION=dev

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,59 +7,83 @@ on:
   pull_request:
     branches: ["main"]
 jobs:
-  tests:
+  scan_ruby:
     runs-on: ubuntu-latest
-    services:
-      postgres:
-        image: postgres:16.4-alpine
-        ports:
-          - "5432:5432"
-        env:
-          POSTGRES_DB: opengas_test
-          POSTGRES_USER: opengas
-          POSTGRES_PASSWORD: opengas
-    env:
-      RAILS_ENV: test
-      DATABASE_URL: "postgres://opengas:opengas@localhost:5432/opengas_test"
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-      - name: Install Ruby and gems
+
+      - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: .ruby-version
           bundler-cache: true
-      - name: Set up database schema
-        run: bin/rails db:schema:load
-      - name: Run tests
-        run: bin/rails test:all
 
-  lint:
+      - name: Scan for common Rails security vulnerabilities using static analysis
+        run: bin/brakeman --no-pager
+
+  scan_js:
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-      - name: Install Ruby and gems
+
+      - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: .ruby-version
           bundler-cache: true
-      - name: Security audit dependencies
-        run: bundle exec bundler-audit --update
-      - name: Security audit
-        run: bundle exec bundle audit
-      - name: Security audit application code
-        run: bin/brakeman -q -w2
+
       - name: Scan for security vulnerabilities in JavaScript dependencies
         run: bin/importmap audit
-      - name: Lint Ruby files
-        run: bin/rubocop --parallel -f github
-      - name: Install Hadolint
-        run: |
-          wget -O ./hadolint https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64
-          chmod +x ./hadolint
-      - name: Lint Dockerfile with Hadolint
-        run: ./hadolint Dockerfile
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Lint code for consistent style
+        run: bin/rubocop -f github
+
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      RAILS_ENV: test
+    steps:
+      - name: Install packages
+        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y google-chrome-stable curl libjemalloc2 libvips sqlite3
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Ruby and gems
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Run tests
+        env:
+          RAILS_ENV: test
+          # REDIS_URL: redis://localhost:6379/0
+        run: bin/rails db:test:prepare test test:system
+
+      - name: Keep screenshots from failed system tests
+        uses: actions/upload-artifact@v4
+        if: failure()
+        with:
+          name: screenshots
+          path: ${{ github.workspace }}/tmp/screenshots
+          if-no-files-found: ignore
 
   build:
     needs: [tests, lint]
@@ -83,6 +107,7 @@ jobs:
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
+          registry: ghcr.io
           username: baldarn
           password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
       - name: Build image
@@ -94,8 +119,8 @@ jobs:
           labels: |
             "service=open-gas"
           tags: |
-            baldarn/open-gas:latest
-            baldarn/open-gas:${{ github.ref_name }}
+            ghcr.io/baldarn/open-gas:latest
+            ghcr.io/baldarn/open-gas:${{ github.ref_name }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
@@ -109,7 +134,6 @@ jobs:
     env:
       RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
       KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
-      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
       APP_VERSION: ${{ github.ref_name }}
 
     steps:

diff --git a/.github/workflows/kamal.yml b/.github/workflows/kamal.yml
diff --git a/.kamal/secrets b/.kamal/secrets
@@ -12,7 +12,6 @@
 
 # Grab the registry password from ENV
 KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
-POSTGRES_PASSWORD=$POSTGRES_PASSWORD
 APP_VERSION=$APP_VERSION
 
 # Improve security by using a password manager. Never check config/master.key into git!

diff --git a/.rubocop.yml b/.rubocop.yml
@@ -1,36 +1,8 @@
-inherit_from: .rubocop_todo.yml
-
-require:
-  - rubocop-capybara
-  - rubocop-rails
-
-AllCops:
-  TargetRubyVersion: 3.3
-  NewCops: enable
-  Exclude:
-    - bin/*
-    - db/schema.rb
-    - vendor/**/*
-
-Style/Documentation:
-  Enabled: false
-
-Metrics/BlockLength:
-  Exclude:
-    - config/environments/*
-    - config/initializers/simple_form_bootstrap.rb
-    - config/routes.rb
-
-Layout/LineLength:
-  Exclude:
-    - config/initializers/devise.rb
-
-Metrics/MethodLength:
-  Max: 50
-  Exclude:
-    - db/migrate/*
-
-Metrics/AbcSize:
-  Max: 50
-  Exclude:
-    - db/migrate/*
+# Omakase Ruby styling for Rails
+inherit_gem: { rubocop-rails-omakase: rubocop.yml }
+
+# Overwrite or add rules to create your own house style
+#
+# # Use `[a, [b, c]]` not `[ a, [ b, c ] ]`
+# Layout/SpaceInsideArrayLiteralBrackets:
+#   Enabled: false
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-3.3.5
+3.4.1
diff --git a/.tool-versions b/.tool-versions
diff --git a/Dockerfile b/Dockerfile
@@ -1,45 +1,60 @@
-# syntax = docker/dockerfile:1
+# syntax=docker/dockerfile:1
+# check=error=true
 
-# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
-ARG RUBY_VERSION=3.3.5
+# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand:
+# docker build -t fixora .
+# docker run -d -p 80:80 -e RAILS_MASTER_KEY=<value from config/master.key> --name fixora fixora
+
+# For a containerized dev environment, see Dev Containers: https://guides.rubyonrails.org/getting_started_with_devcontainer.html
+
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
+ARG RUBY_VERSION=3.4.1
 ARG APP_VERSION=undefined
-FROM ruby:$RUBY_VERSION-slim AS base
+FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
 
 # Rails app lives here
 WORKDIR /rails
 
+# Install base packages
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl clang libjemalloc2 libvips sqlite3 && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
 # Set production environment
 ENV RAILS_ENV="production" \
     BUNDLE_DEPLOYMENT="1" \
     BUNDLE_PATH="/usr/local/bundle" \
     BUNDLE_WITHOUT="development"
 
 # Throw-away build stage to reduce size of final image
-FROM --platform=$TARGETPLATFORM base as build
+FROM base AS build
 
 # Install packages needed to build gems
 RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y build-essential=12* git=1* libpq-dev=15* libvips42=8* pkg-config=1* nodejs=18*
+    apt-get install --no-install-recommends -y build-essential=12* git=1* libvips42=8* pkg-config=1* nodejs=18* && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
 
 # Install application gems
-COPY Gemfile Gemfile.lock .ruby-version ./
+COPY Gemfile Gemfile.lock ./
 RUN bundle install && \
-    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
+    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
+    bundle exec bootsnap precompile --gemfile
 
 # Copy application code
 COPY . .
 
+# Precompile bootsnap code for faster boot times
+RUN bundle exec bootsnap precompile app/ lib/
+
 # Precompiling assets for production without requiring secret RAILS_MASTER_KEY
 RUN SECRET_KEY_BASE_DUMMY=1 LOGTAIL_SKIP_LOGS=true ./bin/rails assets:precompile
 
+
+
+
 # Final stage for app image
 FROM base
 
-# Install packages needed for deployment
-RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y curl=7* libjemalloc2=5* libpq-dev=15* libvips42=8* wkhtmltopdf=0* nodejs=18* && \
-    rm -rf /var/lib/apt/lists /var/cache/apt/archives
-
 # Copy built artifacts: gems, application
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /rails /rails
@@ -50,9 +65,9 @@ RUN groupadd --system --gid 1000 rails && \
     chown -R rails:rails db log storage tmp
 USER 1000:1000
 
-# Entrypoint prepares the application.
+# Entrypoint prepares the database.
 ENTRYPOINT ["/rails/bin/docker-entrypoint"]
 
-# Start the server by default, this can be overwritten at runtime
-EXPOSE 3000
-CMD ["bin/rails", "s", "-b", "0.0.0.0"]
+# Start server via Thruster by default, this can be overwritten at runtime
+EXPOSE 80
+CMD ["./bin/thrust", "./bin/rails", "server"]